Question re: HTTP::retry
I have an embedded webserver on a device in my network and am working on a rule to basically by-pass the login screen.
The trick with the login process is that it collects a username and a password, but also seeds the page with a randomly generated 8-character string. These three strings are concatenated together, MD5 hashed via some javascript, and POSTed to the form action location.
I've got the salt-grabbing and md5-hashing hex digest stuff worked out, but am getting hung up on the retry. I've looked in pcaps but don't see the POST ever leaving the LTM. Here's the rule. The POST request has been pared down a bit to eliminate some of the client request headers for the sake of readability.
when HTTP_RESPONSE {
if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1000000} {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1000000
}
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
when HTTP_RESPONSE_DATA {
get the salt off the page
set salt_value [lindex [regexp -all -inline {(ge\" VALUE=\")(.{8})} [HTTP::payload]] 2]
log local0. "salt -> $salt_value"
set response "adminpassword123$salt_value"
log local0. "salted response -> $response"
binary scan [ md5 $response ] H* hexhash
log local0. "md5(hex) of $response -> $hexhash"
Here goes
HTTP::retry "POST /tgi/login.tgi HTTP/1.1\r\n
Host: 10.10.10.10\r\nContent-Type: application/x-www-form-urlencoded\r\n
Content-Length: 77\r\n\r\nUsername=admin&Password=&Challenge=&Response=$hexhash"
}